Making Progress Toward Audit Ready Financial Statements

As the Department of Defense nears the FY 2017 deadline for asserting audit ready financial statements, managing risks to meeting the requirements of the National Defense Authorization Acts becomes increasingly important.

Today, DoD is making progress in implementing internal controls to manage financial reporting risks, but is doing very little to identify and manage program risks. Per the results of a GAO audit, published in their February 2013 report, DoD’s FIAR risk management activities are not comprehensive and do not fully align with widely accepted risk management activities to include the following: identifying risks that could prevent it from achieving goals, assessing the magnitude of those risks, developing risk mitigation plans, implementing mitigating actions to address the risks, and monitoring the effectiveness of those mitigating actions. While GAO’s audit findings were targeted specifically to DoD, the DoD components should also establish comprehensive risks programs to manage risks at all levels within their entity.

In order to establish and carryout strong risk management programs to help achieve audit readiness, DoD and DoD components should develop policies and procedures to do the following on an ongoing basis:

Identify program risks. Create comprehensive list that includes root causes for every risk identified

Analyze risks. Gather input from a wide array of stakeholders and an assessment of the likelihood and impact for each risk

Plan for risk mitigation. Design internal controls and distribute accountability and responsibility for internal control procedures to the appropriate stakeholders

Monitor risks. Evaluate internal control techniques for effectiveness on a continuous basis

While implementing a comprehensive risk management framework for FIAR will not guarantee success, it will certainly increase the likelihood and go a long, long way toward achieving audit readiness by the deadline.